Lucene search
K

230 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.14 views

CVE-2024-11254

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS6.4AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:58 a.m.8 views

CVE-2024-54819

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery SSRF due to improper input validation in classes/security/validation.php...

9.1CVSS9.2AI score0.18174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:14 a.m.9 views

CVE-2024-20403

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient...

5.4CVSS6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:28 a.m.19 views

CVE-2023-32537

Affected versions Trend Micro Apex Central on-premise are vulnerable to potential authenticated reflected cross-site scripting XSS attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order ...

5.4CVSS5.5AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.14 views

CVE-2023-47726

IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087...

7.1CVSS7.1AI score0.00368EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:47 a.m.8 views

CVE-2023-20219

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...

8.8CVSS7.8AI score0.00892EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:50 a.m.17 views

CVE-2022-20834

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

4.8CVSS5.9AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:15 p.m.4 views

CVE-2022-39072

There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks...

5.4CVSS6AI score0.00336EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/22 9:25 p.m.75 views

Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.

Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. B...

9.8CVSS9.8AI score0.99957EPSS
Exploits10Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 p.m.10 views

CVE-2021-30299

Possible out of bound access in audio module due to lack of validation of user provided input...

6.7CVSS6.8AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 p.m.10 views

CVE-2020-25151

The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 all versions...

7.5CVSS7.1AI score0.0115EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:25 p.m.12 views

CVE-2020-16216

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and...

6.5CVSS6.5AI score0.00704EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.9 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

6.1CVSS6.8AI score0.00774EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.6 views

CVE-2019-15800

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Due to lack of input validation in the cmdsystracerouteexec, cmdsysarpclear, and cmdsyspingexec functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call...

10CVSS8.3AI score0.03872EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:1 a.m.6 views

CVE-2019-8549

Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges...

9.3CVSS7.1AI score0.01439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 a.m.11 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

8.5CVSS7AI score0.01328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:1 a.m.7 views

CVE-2011-4124

Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...

10CVSS7.2AI score0.02235EPSS
Exploits1References1
Veracode
Veracode
added 2025/05/20 9:7 a.m.10 views

Denial Of Service (DoS)

github.com/ollama/ollama is vulnerable to Denial of Service DoS. The vulnerability is due to improper input validation and unchecked array index access in the /api/pull endpoint, which allows an attacker to send a crafted manifest that crashes the server...

7.5CVSS6.5AI score0.00426EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/07 5:39 p.m.21 views

CVE-2025-20197

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

6.7CVSS6.6AI score0.00144EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/07 12:0 a.m.1 views

TOTOLINK A810R setParentalRules function buffer overflow vulnerability

The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from the startTime and endTime parameters in the setParentalRules function failing to correctly validate t...

8.8CVSS8.5AI score0.00375EPSS
Exploits1References1
Rows per page
Query Builder